Netsky-AF [Wrm] detected in Exchange 2010 Public Folder EDB

November 29, 2012 at 09:55:41
Specs: Server 2003, C2D8400; 2GB RAM

Avast has detected the Netsky worm on a client's Exchange 2010 server, in the Public Folder Database file itself. I will be trying the "repair" option tonight when I can bring the services offline, but I'm skeptical that this will work. Assuming that it doesn't, what's the process for cleaning an infected EDB file while maintaining the integrity of the public folder data?

Thanks for your help


#1
November 29, 2012 at 12:54:21

Not experienced in dealing with your problem.

EDB file infected
http://is.gd/oY2zHM


#2
December 7, 2012 at 18:53:21

I know this post is a little old, but I thought that I'd add my 2 cents.

First of all, I am surprised that you even have Avast set to scan Exchange folders. This goes against best practices as published by Microsoft as well as most anti-virus manufacturers. Most of the Microsoft Exchange folders should be excluded from on-access and scheduled scanning. See here for a list of files, folders, and processes that Microsoft recommends should be excluded.

To adequately protect an Exchange server, whatever antivirus program is installed on the server should be designed for servers and feature an Exchange anti-malware component. This will properly hook into the Exchange system and scan all messages. This will prevent infected messages from being sent/received as well as protect the integrity of the mail stores.

In your case, the appropriate product from Avast is called Avast! Email Server Security. Details can be found here.

I would highly recommend AGAINST allowing your current Avast! scanner to try to clean the .edb file. If you choose to do so, PLEASE make sure you have a complete backup of the entire Exchange system (both brick-level backup as well as database) and make a copy of the .EDB file once the information stores are offline with ALL Exchange services stopped. Recovering from a corrupted .EDB file is a PAIN!

Let me know if you have any questions or need more info.

-----
IT Desktop & Network Consultant - MOS Master Certified, MCP, MCSA, MCITP - Windows 7, CCNA Certificate Pending, A+, Network +

::geek::
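The two practical points in the answer above (exclude the Exchange database and log locations from file scanning, and take an offline copy of the .EDB with all Exchange services stopped before any repair is attempted) can both be scripted. The following is an added example written for this page, not code from the original thread or from Avast or Microsoft. It assumes it is run from the Exchange Management Shell on the Exchange 2010 server itself, uses the real Exchange 2010 cmdlets Get-MailboxDatabase, Get-PublicFolderDatabase and Dismount-Database, and the backup destination $BackupRoot is a hypothetical path you choose:

```powershell
# Added example (not from the original thread). Assumes Exchange Management
# Shell on the Exchange 2010 server. $BackupRoot is a hypothetical path.
$BackupRoot = 'D:\EdbBackup'

# 1. Collect every database file and transaction-log folder this server uses,
#    so the list can be pasted into the antivirus exclusion settings.
$paths = @()
foreach ($db in (Get-MailboxDatabase -Server $env:COMPUTERNAME)) {
    $paths += $db.EdbFilePath.PathName
    $paths += $db.LogFolderPath.PathName
}
foreach ($db in (Get-PublicFolderDatabase -Server $env:COMPUTERNAME)) {
    $paths += $db.EdbFilePath.PathName
    $paths += $db.LogFolderPath.PathName
}
$paths = $paths | Sort-Object -Unique
Write-Host "Paths to exclude from on-access and scheduled scanning:"
$paths | ForEach-Object { Write-Host "  $_" }

# 2. SHA-256 via .NET, because Get-FileHash is not available on the
#    PowerShell 2.0 that ships for Server 2003.
function Get-Sha256Hex($file) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($file)
    try { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

# 3. Dismount the public folder database, stop ALL Exchange services, then
#    copy the .EDB and verify the copy against the source before any repair.
$pf = Get-PublicFolderDatabase -Server $env:COMPUTERNAME
Dismount-Database -Identity $pf.Identity -Confirm:$false
Get-Service MSExchange* | Where-Object { $_.Status -eq 'Running' } | Stop-Service -Force

New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null
$src = $pf.EdbFilePath.PathName
$dst = Join-Path $BackupRoot (Split-Path $src -Leaf)
Copy-Item -Path $src -Destination $dst

if ((Get-Sha256Hex $src) -ne (Get-Sha256Hex $dst)) {
    throw "Copy of $src does not match the source; do not proceed with repair"
}
Write-Host "Verified offline copy of $src at $dst"
```

The copy is deliberately taken only after Dismount-Database and Stop-Service, because a .EDB copied while the Information Store still has it open is not consistent and is no use as a fallback. Restarting the Exchange services and remounting the database afterwards is left to the administrator, as is the full brick-level and database backup the answer asks for in addition to this file copy.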
